Patched Acrobat Reader heap overflow flaw could result in remote code execution

News by Bradley Barth

One of the vulnerabilities patched in Adobe's most recent software update was a flaw in the JPEG decoder and parser of Adobe Acrobat Reader, which could have been exploited to execute code remotely.

One of the vulnerabilities patched in Adobe Systems' most recent software update was a flaw in the JPEG decoder and parser of Adobe Acrobat Reader, which could have been exploited to execute code remotely, Cisco's Talos threat intelligence division

According to a Talos security advisory posted last week, the specific flaw is a use-of-uninitialised-memory vulnerability that results in a heap-based buffer overflow, which can in turn be abused using a specially crafted PDF file with an embedded JPEG. Users can fall victim to the bug by visiting a malicious web page or opening a malicious email attachment.

Patched earlier this month, the bug in the JPEG decoder was discovered by Talos researcher Aleksandar Nikolic. Officially designated as CVE-2017-2971, the vulnerability "can result in the use of two 4 byte integer values which are previously uninitialised," the advisory explains. "The use of these two uninitialised variables leads to further process corruptions..."

As with previous Reader exploits, "the heap can be groomed in a specific way so that the uninitialised memory falls under attackers' control, which could then end up controlling the heap buffer overflow size directly, Talos continues in its advisory. "With further heap layout control this can lead to successful exploitation and remote code execution." 

Topics:

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events